"Mobile payments" is about as unsexy as technology buzzwords get. But there's …

"Mobile payments" is about as unsexy as technology buzzwords get. We're basically talking about phones and money. And it's hard enough to get people excited about money in the first place—unless you're receiving large sums of it, that is—let alone using a phone to make or spend it.

But it is exciting! Trust us. And there's a reason why you're going to be hearing a lot more about mobile commerce before this year is done.

The philosophy behind mobile payments is simple; it's the idea that everyone should have the ability to buy anything, anywhere. And it sounds a lot better—not to mention sexier—when explained that way. Because, beyond all the oddly shaped geometrical dongles and near-field communication magic, that's essentially what the likes of Square, PayPal, Google et al want to do.

Who's involved?

Today, there are essentially two main camps in the mobile commerce space—those who want to use phones as a tool to make money, and those who want to use phones as a means to spend money.

Square and PayPal fall into the former camp. Both companies want to empower small-to-medium size merchants—think artists, food trucks or mom-and-pop shops—to accept plastic payment, instead of just plain old cash.

In the latter camp, you'll find Google Wallet, which is quite literally an attempt to replace your traditional wallet with an NFC-capable Android phone. Instead of paying for goods and services with a traditional credit card, you can use your phone instead. Competitors from pretty much every retail and mobile-oriented industry you can imagine—including Target, Walmart, Verizon, and AT&T—are said to be joining the fray as well.

What it means for merchants

PayPal, grand purveyor of all things monetary and commerce-related in the online world, made an announcement last week—a small, triangular-shaped announcement. PayPal is jumping into the bourgeoning industry of mobile commerce with a service called Here, in the hopes of capturing a new swath of offline users, one swipe at a time.

Here's how it works. A merchant—perhaps a barista, or a painter—plugs PayPal’s triangle hardware into their iPhone, effectively turning it into a portable credit card reader. The hardware's job is to process the financial information hidden within a card's magnetic stripe. You swipe your card, and the phone handles the sale.

PayPal's primary competitor in this space is a company called Square, the progeny of Twitter co-founder Jack Dorsey. Square has been in the mobile commerce business since 2010, and after announcing $4 billion in transactions to its one million merchants earlier this month, it's obvious that PayPal wants a slice of that pie.

Both companies are interested in turning everyday consumer phones—and even tablets—into cheap, accessible sales machines. Put another way, think about vendors and merchants that might traditionally accept only cash—food trucks or art shows or places that usually don't have the infrastructure to set up the sort of elaborate point-of-sale system you might find in your typical retail or department store. It's an underserved, untapped market.

But if these vendors aren't already accepting debit and credit cards, how do Square and PayPal expect to convince them? It's a matter of convenience and cost. The immediate benefit is pretty obvious: merchants can use hardware they probably own already—in this case, an iPhone, iPad, or Android phone. Even better, the dongles from PayPal and Square are free.

And if this alone isn't incentive enough, it's also worth noting that credit card transaction fees—which usually vary, depending on the type of card or the bank it's tied to—are instead flat-rate. Square takes 2.75 percent on every transaction, while PayPal takes a slightly lower 2.7 percent cut. ("That .05 percent difference is small," writes Mike Isaac at Wired, "but over $4 billion in transactions, it adds up to $2 million extra in merchants' pockets.")

The goal is to allow these people to operate outside the physical boundaries of what you might traditionally consider to be a store, so they can make a sale nearly anywhere—and with nothing more than their phone.

What it means for you

What mobile payments mean for the average user is pretty clear—an easier way to pay for more things in more places without carrying cash. If this all sounds idyllic and optimistic, it really does work. During a trip to San Francisco last summer, I went to the Renegade Craft Fair, and bought far more prints and posters than was probably financially sound. Typically, I would have had to run to the ATM for cash (which sucks as a foreign Canadian traveller), but most of the vendors I encountered were using Square. It was similar to every other retail transaction I've ever made, except it was happening on an iPhone, in a giant warehouse, where traditional point-of-sale readers feared to tread.

In the case of both Square and PayPal's Here service, consumers won't really have to approach their spending habits any differently. To the end-user, each company's hardware works as you'd expect from your typical retail card-reader, on-screen signature and all. There are added niceties—the ability to be remembered by Square and PayPal via online accounts, for example, and e-mailed receipts—but the transaction process remains fundamentally familiar.

Where things get dicey is with systems like Google Wallet, which don't necessarily rely on traditional payment methods—like credit cards—but effectively replace them. For example, in Google Wallet's case, you'll need to have an NFC-equipped Android phone to take part. And there's also the matter of finding stores with Wallet support, which, at the moment, is difficult. Assuming retailers and mobile carriers launch their own unique competitors, this part of the mobile payments industry is about to get real crowded very quickly.

The point here is that mobile payments are a big deal, and with the staggering number of smartphones in use worldwide, that's a market no one wants to easily cede. And when you consider the real-world applications—without fixating on oddly shaped dongles and underlying tech—you'll begin to see why the fight to make money mobile is, quite literally, worth billions. In a world of Squares and Googles, PayPal is only the latest entrant.

64 Reader Comments

Square's reader isn't encrypted and I've read about proof of concept devices that can read credit card data from a Square device at a distance. PayPal's device is encrypted at the reader and doesn't get unencrypted until it hits PayPal servers.

PayPal also has a consumer mobile app to compliment the merchant device. Consumers can find merchants via their phone and GPS. Consumers can also check in at a location and initiate payment.

PayPal also has more banks, more robust reporting, etc.

It is also worth noting that PayPal also supports NFC payments an Android phones like Google Wallet.

Don't forget Intuit Gopayment as well. I haven't tried the Paypal hardware, but the Square swiper is kind of a pain to use, I have to hold it still when I am swiping, a little clumsy.

The Intuit Gopayment swiper is nice, it's got a rubber bottom and feels a lot more solid, and it's a lot easier to swipe a credit card. I'll be interested to give the PayPal swiper a try, I wish I could use the Intuit hardware with the Square App.

I have a Square reader, and I've used it, um, maybe three times in the past two years. I don't do much selling at makers faires, Renn faires, or similar events, but I do - exactly as Matthew says - a bit more buying than I really should.

The point is that I don't have a small business. I am not a "maker." But I do want to sell my old computer, (early 2008 macbook, anyone?) and I'll take plastic. At some point this summer a yard sale is in order, and I'll be able to swipe in addition to taking cash. And there's a minimum $1 transaction, they take a cut off the top, and that's it. They won't cancel my service if I don't make a single sale for a year.

Square talks about how many "merchants" they have, but I'm not a merchant. I'm a person, who occasionally sells things, and I can take plastic, a priviledge which was previously reserved for businesses.

Any of these services available in the UK? I am looking to accept card payments from my customers when I do work in their homes, but don't need a merchant service from a bank.

I don't believe that any of these handle the chip and pin cards in the UK at the moment. But PayPal is global and can handle chip and pin cards otherwise. So I wouldn't be shocked to see the next iteration of their mobile payment system support it.

Square's reader isn't encrypted and I've read about proof of concept devices that can read credit card data from a Square device at a distance. PayPal's device is encrypted at the reader and doesn't get unencrypted until it hits PayPal servers.

PayPal also has a consumer mobile app to compliment the merchant device. Consumers can find merchants via their phone and GPS. Consumers can also check in at a location and initiate payment.

PayPal also has more banks, more robust reporting, etc.

It is also worth noting that PayPal also supports NFC payments an Android phones like Google Wallet.

The Square and PayPal offerings need to evolve into chip readers. The banking system in Canada is planning on phasing out magstripe transactions by 2015, so they'll get left behind in this market pretty quickly.

First observation: Platform lock = fail. In fact, requiring an attached hardware device reminds me of the CueCat.Second observation: I'm not entirely sure I want my credit card stored on my mobile device. It pisses me off I'm required to have a credit card on file for my Live account.Third observation: Anyone who has been stuck behind someone who doesn't carry cash and either has no credit available or (more likely) the server the card machine is connected to is not responding knows that for the random candy bar, pizza, gas fillup and grocery trip cash is just simpler, and faster.

On the same day that Paul Allen's stolen debit card is in the news, it's probably worth noting that there are no security standards required for these mobile payment services likes Square.

The PCI Security Standards Council still has no guidelines for mobile payment using off the shelf phones. Currently the only approved secure method for mobile payment is to use a purpose built piece of mobile hardware with approved software. So the real race is the mobile payment platform providers attempting to be the first ones to get the PCI Council to endorse a standard for these payment methods.

I think it's great that these new businesses can become credit card merchants and expand their businesses, That being said I will wait until the PCI Council has set forward guidelines before I start handing over my card to some guy in a truck with an iPhone.

The Square and PayPal offerings need to evolve into chip readers. The banking system in Canada is planning on phasing out magstripe transactions by 2015, so they'll get left behind in this market pretty quickly.

I've actually been wondering about this. That said, I thought chips were mandatory, but the cards would still retain magstripes. Is that no longer the case?

The Square and PayPal offerings need to evolve into chip readers. The banking system in Canada is planning on phasing out magstripe transactions by 2015, so they'll get left behind in this market pretty quickly.

I've actually been wondering about this. That said, I thought chips were mandatory, but the cards would still retain magstripes. Is that no longer the case?

IIRC, the magstripes will remain, for transactions when you travel to certain countries where they have no plans to phase out the magstripe or switch to the metric system, but all domestic transactions MUST be through the chip and will be rejected otherwise.

The only way around it, I guess, will be to do transactions through a US account. But that can get messy.

As John Dvorak said, I just don't trust the telcos to be debt collectors (and we already know telcos will undercut Google Wallet and PayPal for their own systems). Judging by how they let crooks subscribe you into dubious services just because you downloaded a ringtone or app, without asking for confirmation if you really want to be subscribe to the "service", and by how they force you to personally negotiate with the "service" in order to unsubscribe (the telco's won't offer the ability to just cut payment to the "service"), I don't trust them.

If you think of it, telcos make perfect debt collectors. All "payments" and "subscriptions" are done without an actual signature, hence are open to abuse, the debt is incorporated into your phone bill and has to be paid as a whole (you can't just pay the phone bill and leave the debt), and if you don't pay, they will disconnect your phone and put you on a "bad customers" list for the other telcos to see, essentially leaving you without telecommunications. And who can live without telecommunications these days? Of course, the telcos get a cut from the crooks for all these. It all started with dial-up internet in the 90s, where some virus would force some poor guy's PC (fortunately never mine) to dial some weird high-charge number, and because the carrier never asked for confirmation if you really want to connect to these high-charge numbers (something that would prevent dialers), the poor guy got charged. And the carrier got it's cut. All methods to control this were opt-in and came extra. This scheme showed the telcos how easily they could turn themselves into debt collectors.

So naturally, now they are pushing forward their scheme, cleverly sugar-coated with smartphones and NFC.

Always pay with cash or cards (credit, prepaid, ATM card), which are clearly seperated from your phone/tablet and the telcos.

The Square and PayPal offerings need to evolve into chip readers. The banking system in Canada is planning on phasing out magstripe transactions by 2015, so they'll get left behind in this market pretty quickly.

I've actually been wondering about this. That said, I thought chips were mandatory, but the cards would still retain magstripes. Is that no longer the case?

IIRC, the magstripes will remain, for transactions when you travel to certain countries where they have no plans to phase out the magstripe or switch to the metric system, but all domestic transactions MUST be through the chip and will be rejected otherwise.

The only way around it, I guess, will be to do transactions through a US account. But that can get messy.

Square and Here could process the payment as a 'card not present' transaction, similar to buying stuff on the internet. The number/expiry can be read off the magstripe like usual, but they'll be a higher cost for processing it compared to a chip/pin transaction.

First observation: Platform lock = fail. In fact, requiring an attached hardware device reminds me of the CueCat.Second observation: I'm not entirely sure I want my credit card stored on my mobile device. It pisses me off I'm required to have a credit card on file for my Live account.Third observation: Anyone who has been stuck behind someone who doesn't carry cash and either has no credit available or (more likely) the server the card machine is connected to is not responding knows that for the random candy bar, pizza, gas fillup and grocery trip cash is just simpler, and faster.

Your first two observations are more for GoogleWallet than for either the Square or Paypal readers. And I completely reject your last observation. I hate carrying cash, yes I'm completely "on the grid" but I can use mint.com to view every single transaction I make. And in DC, sometimes the vending machines even have credit card readers on them. Cash is just a huge pain anymore I feel, my bank is completely without branches (Ally Bank) and I just do direct deposit and check card for literally everything. Then Venmo for the times when I need to move money around with friends.

Square and Here could process the payment as a 'card not present' transaction, similar to buying stuff on the internet. The number/expiry can be read off the magstripe like usual, but they'll be a higher cost for processing it compared to a chip/pin transaction.

You can do "card not present" transactions with Square. You have to type everything in, card number and all. It's a pain, and they take a higher cut, but if you have your phone and not your reader, it means you can still take a payment.

I didn't say you had to accept it, but it is undeniably true. Sure, not carrying cash keeps you relatively safe from pan handlers, but it is in no way more convenient than cash. Unless of course you don't plan any of your purchases ahead of time, but that is more of a personal issue.

Having used paypal I can tell you its not all its cracked up to be. Given that unless the address is correct the sale is not even insured by paypal and as much as a quarter of all sales have a failure in the address it amazes me they make any money at all. However the idea of google knowing everything we search for and on top of that everything we buy would put them in a rather unique position.

Mobile payment isn't really a new concept, though. People don't get excited about their credit or debit cards. They didn't get excited about Newsweek running the story about the idea more than a decade and a half ago.

It just isn't something people think highly of.

In today's climate, people are protecting what they have left. In the past, people didn't worry about skimmers, identity theft, privacy, or bank account seizure through their personal computers the way they do today. The level of scrutiny has increased significantly and people are beginning to resist technology they don't understand when it has access to their money.

The Square and PayPal offerings need to evolve into chip readers. The banking system in Canada is planning on phasing out magstripe transactions by 2015, so they'll get left behind in this market pretty quickly.

As a user of this banking system, I am thoroughly unimpressed with the new chip/pin system. When you insert your debit card into the chip reader and enter your pin number, the system no longer validates your pin with the bank, but validates it locally from the chip on your card and then proceeds with the transaction.

So if your card is stolen, someone can read the chip and get your pin.

Also one bank is now offering NFC chips on their bank cards. Needless to say I contacted that bank and told them to disable the NFC capability.

When you insert your debit card into the chip reader and enter your pin number, the system no longer validates your pin with the bank, but validates it locally from the chip on your card and then proceeds with the transaction.

So if your card is stolen, someone can read the chip and get your pin.

AIUI, the pin is sent to the chip (not read from it) and verified that way; there are attacks involving power measurement and the like, but those are unlikely to be available to your garden-variety pickpocket. Standard brute-force attacks should cause the card to lock itself after a few failed PIN attempts.

People will have different views on this. I've been delayed more by people with cash then those with cards, even counting those rare times some part of the system is having issues. Delayed by folks wanting to count exact change and digging around for said change for quite a bit being the most common. Not having enough cash on hand to cover the groceries is another. Any more it seems the people "caught short" tend to be cash wielding rather than plastic, though this is totally anecdotal.

Personally, I hate making trips to the bank, or doing the search for a branch ATM for cash. Even if one plans most the weekly expenses - four more trips to the bank than I'd make just using plastic - unexpected things crop up. A night out with friends. Maybe a clothing purchase that was more than you'd intended to spend, etc. With direct deposit and plastic, one rarely need visit a bank.

I also don't like carrying much more "extra" cash than I need to, so I don't really agree it's faster or simpler, but that's just me.

Government should step in and make a commitee to make a standard. With standard cost, methods and encryption, and the recommended laws surround them and penalties instead of trying to fix thing when they are working for the people. Let's face it there is minimal cost in making transactions, and needed for public good, it's where government should step in.

When you insert your debit card into the chip reader and enter your pin number, the system no longer validates your pin with the bank, but validates it locally from the chip on your card and then proceeds with the transaction.

So if your card is stolen, someone can read the chip and get your pin.

AIUI, the pin is sent to the chip (not read from it) and verified that way; there are attacks involving power measurement and the like, but those are unlikely to be available to your garden-variety pickpocket. Standard brute-force attacks should cause the card to lock itself after a few failed PIN attempts.

There is a shown weakness in current UK implementations tho.

This involves that while the reader can verify the card, there is no way for the card to verify the reader.

Given this, a MITM attack can be performed. This makes the reader think the card accepted the pin as valid, while the card thinks the reader initiated a "no connection to bank" transaction. This meaning that the card thinks that the reader is spitting out a long slip of paper for the customer to sign.

Even worse is that the bank will log this as a pin payment, so that if the customer tries to refute it later on the bank can claim that the customer have been careless with his pin. And therefore the customer is the liable party, not the bank.

The same basic arguements were put forth when bank cards were first used, but over the years the various problems of security and durability were solved and today people don't think twice about pulling out the plastic at stores or online. The same will happen with these smartphone card readers as an interim solution until the NFC systems are perfected. In a few years (the tongue in cheek 3 - 5 years) all our accounts will be on our smartpnones and the only thing in our wallets will be our driver's licence and pictures of the current significant other.

People will have different views on this. I've been delayed more by people with cash then those with cards, even counting those rare times some part of the system is having issues. Delayed by folks wanting to count exact change and digging around for said change for quite a bit being the most common. Not having enough cash on hand to cover the groceries is another. Any more it seems the people "caught short" tend to be cash wielding rather than plastic, though this is totally anecdotal.

This because the bank may well allow the balance to go into the red, and then charge high loan interest.

Or as one recent story went:

Some guys bank deducts some annual fee. This sends his account just enough into the red to be flagged by some automated system that adds a penalty fee. Said penalty then triggers another tier, and by the next day he owed the bank $200.

The same basic arguements were put forth when bank cards were first used, but over the years the various problems of security and durability were solved and today people don't think twice about pulling out the plastic at stores or online. The same will happen with these smartphone card readers as an interim solution until the NFC systems are perfected. In a few years (the tongue in cheek 3 - 5 years) all our accounts will be on our smartpnones and the only thing in our wallets will be our driver's licence and pictures of the current significant other.

The main trick is to put the incentive for fixing issues with the banks. This by way of laws and regulations that put the liability for fraudulent charges on the banks. If not, the banks will just shrug and ignore any issues.

Well, without a built-in barcode reader, it's kinda hard to run a credit card through your phone. That's why I prefer Google Wallet's implementation, but not enough phones support it yet.

Quote:

Second observation: I'm not entirely sure I want my credit card stored on my mobile device. It pisses me off I'm required to have a credit card on file for my Live account.

Well, the Square reader doesn't store your card on the phone. And the chip NFC systems use (aka Google Wallet) use encryption, so that shouldn't be a problem.

Quote:

Third observation: Anyone who has been stuck behind someone who doesn't carry cash and either has no credit available or (more likely) the server the card machine is connected to is not responding knows that for the random candy bar, pizza, gas fillup and grocery trip cash is just simpler, and faster.

It's really no different than someone who brings too much stuff to the counter and spends several minutes digging through pockets/purse to find enough change to cover it. I saw that happen quite a bit as a cashier.

All of these things are just trying to add yet another useless middleman who takes a chunk of small business profits. The 2-4% credit card companies get is painful enough now they want to add another 2-4% for more processing that is useless. In today's market there isn't enough profit for long term survival.

NFC is mixed it isn't any faster. PayPal is untrustworthy. Both of them then reserve the eight to resell your purchasing history to third parties.

Some guys bank deducts some annual fee. This sends his account just enough into the red to be flagged by some automated system that adds a penalty fee. Said penalty then triggers another tier, and by the next day he owed the bank $200.

I don't see this as being much different using cash, checks, or debit cards if your checking account doesn't have enough of a buffer. If you're using credit, it can actually be in your favor rather than the bank's. I'll eat that high credit card interest on the ten dollars I miscalculated rather than paying the cascading set of bounced check fees banks impose.

That's if you're living month to month or not keeping enough of a buffer in checking.

All of these things are just trying to add yet another useless middleman who takes a chunk of small business profits.

I dunno. Having a third party that keeps the accounting books on the transactions allows settling of disputes in ways that handing over cash can't. The trick is that the accountant needs to be impartial, and sadly there is almost no way to ensure that as long as one is dealing with humans.

I haven't used Paypal since they locked my account with $18 in it. Had to spend 4 hours on hold to speak to a live person. They requested I fax some ID and personal info to verify who I was. I did. They sent me an email telling me that it was not sufficient. This was 5 years ago. I think in another 2 years they will have to turn the funds over to the state (California??).

As John Dvorak said, I just don't trust the telcos to be debt collectors (and we already know telcos will undercut Google Wallet and PayPal for their own systems). Judging by how they let crooks subscribe you into dubious services just because you downloaded a ringtone or app, without asking for confirmation if you really want to be subscribe to the "service", and by how they force you to personally negotiate with the "service" in order to unsubscribe (the telco's won't offer the ability to just cut payment to the "service"), I don't trust them.

If you think of it, telcos make perfect debt collectors. All "payments" and "subscriptions" are done without an actual signature, hence are open to abuse, the debt is incorporated into your phone bill and has to be paid as a whole (you can't just pay the phone bill and leave the debt), and if you don't pay, they will disconnect your phone and put you on a "bad customers" list for the other telcos to see, essentially leaving you without telecommunications. And who can live without telecommunications these days? Of course, the telcos get a cut from the crooks for all these. It all started with dial-up internet in the 90s, where some virus would force some poor guy's PC (fortunately never mine) to dial some weird high-charge number, and because the carrier never asked for confirmation if you really want to connect to these high-charge numbers (something that would prevent dialers), the poor guy got charged. And the carrier got it's cut. All methods to control this were opt-in and came extra. This scheme showed the telcos how easily they could turn themselves into debt collectors.

So naturally, now they are pushing forward their scheme, cleverly sugar-coated with smartphones and NFC.

Always pay with cash or cards (credit, prepaid, ATM card), which are clearly seperated from your phone/tablet and the telcos.

This.The only thing is avoid paying with your debit card. If its ever gets stolen, its your money, and good luck getting it back. When you use CC, usually there will be no penalty to the end user and no money is usually lost (cc company takes the haircut, worst case).Also be careful with "cash back" when using debit cards, often there is a hefty fee, as the store is often outside the bank's atm network.

As John Dvorak said, I just don't trust the telcos to be debt collectors (and we already know telcos will undercut Google Wallet and PayPal for their own systems). Judging by how they let crooks subscribe you into dubious services just because you downloaded a ringtone or app, without asking for confirmation if you really want to be subscribe to the "service", and by how they force you to personally negotiate with the "service" in order to unsubscribe (the telco's won't offer the ability to just cut payment to the "service"), I don't trust them.

If you think of it, telcos make perfect debt collectors. All "payments" and "subscriptions" are done without an actual signature, hence are open to abuse, the debt is incorporated into your phone bill and has to be paid as a whole (you can't just pay the phone bill and leave the debt), and if you don't pay, they will disconnect your phone and put you on a "bad customers" list for the other telcos to see, essentially leaving you without telecommunications. And who can live without telecommunications these days? Of course, the telcos get a cut from the crooks for all these. It all started with dial-up internet in the 90s, where some virus would force some poor guy's PC (fortunately never mine) to dial some weird high-charge number, and because the carrier never asked for confirmation if you really want to connect to these high-charge numbers (something that would prevent dialers), the poor guy got charged. And the carrier got it's cut. All methods to control this were opt-in and came extra. This scheme showed the telcos how easily they could turn themselves into debt collectors.

So naturally, now they are pushing forward their scheme, cleverly sugar-coated with smartphones and NFC.

Always pay with cash or cards (credit, prepaid, ATM card), which are clearly seperated from your phone/tablet and the telcos.

This.The only thing is avoid paying with your debit card. If its ever gets stolen, its your money, and good luck getting it back. When you use CC, usually there will be no penalty to the end user and no money is usually lost (cc company takes the haircut, worst case).Also be careful with "cash back" when using debit cards, often there is a hefty fee, as the store is often outside the bank's atm network.

Telecommunications Act of 1996. Read it. The phone company isn't the problem here, Congress is. And calling any telco and requesting that third party billing be removed from a bill is a simple matter.